CVE-2016-1288Improper Input Validation in Cisco WEB Security Appliance

CWE-20Improper Input ValidationCWE-3994 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 36.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco WEB Security Appliance
Timeline
PublishedMar 3
Latest updateMay 14

Description

The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDcisco/web_security_appliance8.5.0-497, 9.0.0-193+1

🔴Vulnerability Details

2
GHSA
GHSA-rq33-86v9-3777: The HTTPS Proxy feature in Cisco AsyncOS before 82022-05-14
CVEList
CVE-2016-1288: The HTTPS Proxy feature in Cisco AsyncOS before 82016-03-03

📋Vendor Advisories

1
Cisco
Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability2016-03-02
CVE-2016-1288 — Improper Input Validation in Cisco | cvebase